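Spring Security OAuth2 Authorization Server /oauth/token - 500 handler

Time: 2015-05-11 11:37:07

Tags: spring oauth spring-security oauth-2.0 spring-security-oauth2

I am trying to implement Spring Security's OAuth2 authorization server. When trying to access the token endpoint (/oauth/token), I get a 404. I think there is something I am missing, but for the life of me I can't see it.

I am using Java config;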

  • Spring Security 4.0.1
  • Spring Security OAuth2 2.0.7

My configuration is as follows:

ApplicationSecurityConfig.java

Used to register the configuration classes in the WAR

public class ApplicationSecurityConfig extends 
    AbstractSecurityWebApplicationInitializer {

    public ApplicationSecurityConfig() {
        super(SecurityConfig.class, AuthorizationServerConfig.class);
    }
}

SpringSecurityConfig.java

Configures HTTP Basic authentication for all endpoints matching the URL pattern /

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user")
            .password("password")
            .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .authorizeRequests()
            .antMatchers("/")
            .authenticated()
        .and()
            .httpBasic();
    }
}

OauthAuthorizationServerConfig.java

Used to configure the authorization server

@Configuration
@EnableAuthorizationServer
public class OauthAuthorizationServerConfig extends 
    AuthorizationServerConfigurerAdapter{

    @Autowired
    private TokenStore tokenStore;  

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception{

        clients
            .inMemory()
            .withClient("testClient")
            .scopes("read", "write")
            .authorities("ROLE_CLIENT")
            .authorizedGrantTypes("password", "refresh_token")
            .accessTokenValiditySeconds(60)
            .refreshTokenValiditySeconds(3600); 
    }

    @Bean
    public TokenStore tokenStore(){
        return new InMemoryTokenStore();
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception{
        endpoints.tokenStore(tokenStore);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception{
        oauthServer.allowFormAuthenticationForClients();
    }

 }

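Apologies if this is a 'schoolboy error', but I have spent some time looking through the documentation and samples Spring has published on GitHub, and I am clearly misunderstanding something.

- EDIT -

I have replaced ApplicationSecurityConfig.java with SpringApplicationInit.java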

public class SpringApplicationInit extends 
    AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {

        return null;
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{
            SpringSecurityConfig.class,
            OauthAuthorizationServerConfig.class
        };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{"/"};
    }

}

This produces a different result. I now get a 500 server error status code:

javax.servlet.ServletException: No adapter for handler [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException]: The DispatcherServlet configuration needs to include a HandlerAdapter that supports this handler
    org.springframework.web.servlet.DispatcherServlet.getHandlerAdapter(DispatchrServlet.java:1163)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:857)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)

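If it makes things easier to understand, I have pushed the code to a git repo.

2 answers:

Answer 0: (score: 1)

As far as I can see, you are trying to send a GET request to /oauth/token, which is the wrong method. This endpoint should accept POST requests, so just send the request to it with the same fields.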
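
The POST request this answer describes, as an added example that is not part of the original thread: it sends the password-grant fields from the question's configuration (`testClient`, `user`/`password`) in a form-encoded body, so the credentials stay out of the URL. The class name and the local stub server are constructed stand-ins for illustration, not Spring code; Java 11 or later is assumed.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class TokenRequestExample { // hypothetical class name
    // Encode the grant parameters as an application/x-www-form-urlencoded body.
    static String formEncode(Map<String, String> fields) {
        return fields.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }
    // Password-grant request: credentials travel in the POST body, never in the URL.
    static HttpRequest tokenRequest(URI tokenUri) {
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("grant_type", "password");
        fields.put("client_id", "testClient"); // form field, per allowFormAuthenticationForClients()
        fields.put("username", "user");
        fields.put("password", "password");
        return HttpRequest.newBuilder(tokenUri)
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(formEncode(fields)))
            .build();
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the token endpoint (not Spring): accepts POST only.
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/oauth/token", ex -> {
            int status = "POST".equals(ex.getRequestMethod()) ? 200 : 405;
            ex.sendResponseHeaders(status, -1); // -1 means no response body
            ex.close();
        });
        stub.start();
        URI uri = URI.create("http://127.0.0.1:" + stub.getAddress().getPort() + "/oauth/token");
        HttpClient client = HttpClient.newHttpClient();
        HttpRequest get = HttpRequest.newBuilder(uri).GET().build();
        System.out.println("GET  -> " + client.send(get, HttpResponse.BodyHandlers.discarding()).statusCode());
        System.out.println("POST -> " + client.send(tokenRequest(uri), HttpResponse.BodyHandlers.discarding()).statusCode());
        stub.stop(0);
    }
}
```

To try it against a real deployment, pass the server's own /oauth/token URL to `tokenRequest` instead of the stub's address.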

Answer 1: (score: 0)

Here is my minimal example configuration for separate authentication and resource servers - only what is needed to make it work.